On 15 April 2022, Bernold Nieuwesteeg, Director of the Centre for the Law and Economics of Cyber Security (CLECS), and Willem Kuijken, research assistant of the CLECS, submitted a reaction to the review of the Corporate Governance Code (the Code). The Monitoring Committee strives for these reviews to keep the Code up to date, future-focused and relevant. In this reaction, Nieuwesteeg and Kuijken plea that cybersecurity, especially transparency on this topic, should play a crucial role within the Code. They talked about this with parliament member Henri Bontenbal.
The Corporate Governance Code
The Code consists of guidelines for the relations between the executive board, board of commissioners, and shareholders of an organisation. The Monitoring Committee improves the actuality and usefulness of the Code and guards its enforcement. Several discussions between the Commission and the involved parties show a need to adjust the Code for the long-term value of creation, diversity, and the role of shareholders.
Based on these findings, the Committee published a consultation document on 21 February 2022 about the actualisation of the Code. This marked the start for interested parties to give input for the actualisation of the Code. One of these reactions belongs to Nieuwesteeg and Kuijken, who plead for more transparency concerning cybersecurity in the Code.
More transparency, more benefits
Nieuwesteeg and Kuijken have different reasons for more transparency in cybersecurity. First, transparency offers substantial corporate and societal benefits for the organisation. It can benefit the relationship that an organisation has with its potential investors and clients. Additionally, the relationship with regulation institutes, like the Dutch Data Protection Agency, can be improved through transparency in cybersecurity. Finally, transparency enhances the awareness of cyber risks.
Moreover, the reaction of Nieuwesteeg and Kuijken contains information about the current legal obligations and developments abroad. The two conclude their response with a few suggestions for the reviewed Code. Nieuwesteeg and Kuijken stress the importance of transparency and clear guidelines to create unity in reporting methods. To create this unity, cyber security transparency could be measured based on three themes: internal governance, external knowledge sharing and leadership, and a description and method of covering cyber risk for the concerning company.
Interest from politicians
After submitting the reaction, Nieuwesteeg and Kuijken had a conversation with parliament member Henri Bontenbal. During the conversation, they discussed the reaction, and the two researchers answered general questions concerning cybersecurity. Nieuwesteeg and Kuijken reflect on a fruitful discussion: “It is great to see an emerging interaction between politics, society, and science on the important subject of cybersecurity transparency.”
The Commission strives to review the Code this year and send it to the Dutch government. If they succeed, the Code could enter into force from 1 January 2023 onwards. Bontenbal said that he will take the input of the conversation with Niewesteeg and Kuijken into account in the next parliament meetings about cybersecurity.